CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7520

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.1%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.0

References

Products affected by CVE-2020-7520

Schneider-Electric » Software Update Utility » Version: 1.0

cpe:2.3:a:schneider-electric:software_update_utility:1.0
Schneider-Electric » Software Update Utility » Version: 1.0.13

cpe:2.3:a:schneider-electric:software_update_utility:1.0.13
Schneider-Electric » Software Update Utility » Version: 1.1

cpe:2.3:a:schneider-electric:software_update_utility:1.1
Schneider-Electric » Software Update Utility » Version: 1.2.0

cpe:2.3:a:schneider-electric:software_update_utility:1.2.0
Schneider-Electric » Software Update Utility » Version: 1.3.0

cpe:2.3:a:schneider-electric:software_update_utility:1.3.0
Schneider-Electric » Software Update Utility » Version: 1.3.1

cpe:2.3:a:schneider-electric:software_update_utility:1.3.1
Schneider-Electric » Software Update Utility » Version: 2.0.0

cpe:2.3:a:schneider-electric:software_update_utility:2.0.0
Schneider-Electric » Software Update Utility » Version: 2.2.0

cpe:2.3:a:schneider-electric:software_update_utility:2.2.0
Schneider-Electric » Software Update Utility » Version: 2.4.0

cpe:2.3:a:schneider-electric:software_update_utility:2.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7520

Products

Pricing

Contact Us